Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for supporting managed security services, the method comprising: self-provisioning within an enterprise network that includes a plurality of interconnected networks by scanning the enterprise network to determine whether an instance of an anomalous event detection mechanism exists, to create the instance if the anomalous event detection mechanism does not exist, and to create automatically one or more additional instances of the anomalous event detection mechanism to accommodate expansion of the enterprise network; and accessing, by the anomalous event detection mechanism, a database storing a rule set specifying a security policy for the enterprise network for monitoring one of the networks according to the rule set.
2. A method according to claim 1, further comprising: associating a digital certificate with the rule set to indicate that the rule set is from a particular source.
3. A method according to claim 1, wherein the database in the accessing step resides within one of a server maintained by a service provider and a pre-existing anomalous event detection system within the enterprise network, the method further comprising: establishing a secure communication session with the server or the pre-existing anomalous event detection system to retrieve the rule set.
4. A method according to claim 3, wherein the secure communication session in the establishing step is a Virtual Private Network (VPN) tunnel.
5. A method according to claim 3, further comprising: storing an anomalous event from the one network; analyzing the anomalous event according to statistical predictive rules; and selectively creating a new rule in response to the analysis of the anomalous event.
6. A method according to claim 5, further comprising: inserting the new rule into the database to update the rule set, wherein the updated rule set is time-stamped to support retrieval of the latest modified rule set.
7. A method according to claim 1, further comprising: transmitting status information to a pre-existing anomalous event detection system within a cluster, wherein the monitoring of the one network is performed in conjunction with the pre-existing anomalous event detection system across the cluster.
8. A system for providing managed security services, the system comprising: a database configured to store a rule set specifying a security policy for a network associated with a customer; and an anomalous detection event module deployed within a premise of the customer and configured to retrieve the rule set from the database and to monitor a sub-network within the network based on the rule set, wherein the anomalous event detection module is further configured to self-organize by examining components of the network and to monitor for the anomalous event according to the examined components, and to self-provision by creating an initial instance of itself and selectively creating another instance to monitor another sub-network of the network.
9. A system according to claim 8, wherein the anomalous detection event module includes: an intrusion detection engine configured to detect the anomalous event using one of a signature-based scheme, and a heuristic scheme.
10. A system according to claim 8, wherein the anomalous detection event module includes: a provisioning engine configured to establish a secure communication session for accessing the database to retrieve the rule set.
11. A system according to claim 10, wherein the secure communication session is a Virtual Private Network (VPN) tunnel.
12. A system according to claim 10, wherein the database resides within one of a server maintained external to the network, and the provisioning engine establishes the secure communication session to the server.
13. A system according to claim 10, wherein the anomalous detection event module includes: an event evaluator configured to analyze the anomalous event according to statistical predictive rules, wherein a new rule is selectively created in response to the analysis of the anomalous event.
14. A system according to claim 13, wherein the new rule is inserted into the database to update the rule set, and the updated rule set is time-stamped to support retrieval of the latest modified rule set.
15. A system according to claim 13, wherein the anomalous detection event module includes: a certificate application configured to associate a digital certificate with the updated rule set to indicate that the updated rule set is from a particular source.
16. A computer-readable medium carrying one or more sequences of one or more instructions for supporting managed security services, the one or more sequences of one or more instructions including instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of: self-provisioning within an enterprise network that includes a plurality of interconnected networks by scanning the enterprise network to determine whether an instance of an anomalous event detection mechanism exists, to create the instance if the anomalous event detection mechanism does not exist, and to create automatically one or more additional instances of the anomalous event detection mechanism to accommodate expansion of the enterprise network; and accessing, by the anomalous event detection mechanism, a database storing a rule set specifying a security policy for the enterprise network for monitoring one of the networks according to the rule set.
17. A computer-readable medium according to claim 16, wherein the one or more processors further perform the step of: associating a digital certificate with the rule set to indicate that the rule set is from a particular source.
18. A computer-readable medium according to claim 16, wherein the database in the accessing step resides within one of a server maintained by a service provider and a pre-existing anomalous event detection system within the enterprise network, and the one or more processors further perform the steps of: establishing a secure communication session with the server or the pre-existing anomalous event detection system to retrieve the rule set.
19. A computer-readable medium according to claim 18, wherein the secure communication session in the establishing step is a Virtual Private Network (VPN) tunnel.
20. A computer-readable medium according to claim 18, wherein the one or more processors further perform the steps of: storing an anomalous event from the one network; analyzing the anomalous event according to statistical predictive rules; and selectively creating a new rule in response to the analysis of the anomalous event.
21. A computer-readable medium according to claim 20, wherein the one or more processors further perform the step of: inserting the new rule into the database to update the rule set, wherein the updated rule set is time-stamped to support retrieval of the latest modified rule set.
22. A computer-readable medium according to claim 16, wherein the one or more processors further perform the step of: transmitting status information to a pre-existing anomalous event detection system within a cluster, wherein the monitoring of the one network is performed in conjunction with the pre-existing anomalous event detection system across the cluster.
23. A network apparatus for supporting managed security services, the apparatus comprising: means for self-provisioning within an enterprise network that includes a plurality of interconnected networks by scanning the enterprise network to determine whether an instance of an anomalous event detection mechanism exists, to create the instance if the anomalous event detection mechanism does not exist, and to create automatically one or more additional instances of the anomalous event detection mechanism to accommodate expansion of the enterprise network; and means for accessing, by the anomalous event detection mechanism, a database storing a rule set specifying a security policy for the enterprise network and means for monitoring one of the networks according to the rule set.
24. An apparatus according to claim 23, further comprising: means for associating a digital certificate with the rule set to indicate that the rule set is from a particular source.
25. An apparatus according to claim 23, wherein the database resides within one of a server maintained by a service provider, the apparatus further comprising: means for establishing a secure communication session with the server to retrieve the rule set.
26. An apparatus according to claim 25, wherein the secure communication session is a Virtual Private Network (VPN) tunnel.
27. An apparatus according to claim 25, further comprising: means for storing an anomalous event from the one network; means for analyzing the anomalous event according to statistical predictive rules; and means for selectively creating a new rule in response to the analysis of the anomalous event.
28. An apparatus according to claim 27, further comprising: means for inserting the new rule into the database to update the rule set, wherein the updated rule set is time-stamped to support retrieval of the latest modified rule set.
29. An apparatus according to claim 27, further comprising: means for transmitting status information to a pre-existing anomalous event detection system within a cluster, wherein the monitoring of the one network is performed in conjunction with the pre-existing anomalous event detection system across the cluster.
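The claims above describe a mechanism in legal language; the following is an added illustration, not code from the patent or any vendor, that models three of the claimed behaviours with constructed data: self-provisioning one detector instance per sub-network and adding instances as the network grows (claims 1, 8), a time-stamped rule-set store from which the latest version is retrieved and its authenticity checked before use (claims 2, 6, 14), and a simple frequency-based rule derived from stored events (claim 5). The keyed HMAC stands in for the certificate-backed signature of claim 2 so that the example runs with the Python standard library only; the class and function names, subnets, rules and events are all assumptions.

```python
# Added illustration (not the patent's or any vendor's code). Models, with
# constructed data, three of the claimed behaviours: self-provisioning one
# detector instance per sub-network (claims 1, 8), a time-stamped rule-set
# store whose latest entry is retrieved and verified (claims 2, 6, 14), and a
# frequency-threshold rule derived from stored events (claim 5). The keyed
# HMAC stands in for the certificate-backed signature of claim 2 so the
# example is standard-library only; all names and sample values are assumed.
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone
import hashlib
import hmac
import json


@dataclass(frozen=True)
class RuleSet:
    rules: tuple          # constructed rule strings
    source: str           # publisher (claim 2: "from a particular source")
    timestamp: datetime   # claim 6: time-stamped to find the latest version
    signature: bytes      # HMAC stand-in for the certificate-backed signature


class RuleSetStore:
    """Database holding every published rule-set version (claim 8)."""

    def __init__(self, signing_key: bytes):
        self._key = signing_key
        self._versions = []

    def _digest(self, rules, source, timestamp) -> bytes:
        payload = json.dumps(
            {"rules": list(rules), "source": source, "ts": timestamp.isoformat()},
            sort_keys=True,
        ).encode()
        return hmac.new(self._key, payload, hashlib.sha256).digest()

    def publish(self, rules, source, timestamp=None) -> RuleSet:
        ts = timestamp or datetime.now(timezone.utc)
        rs = RuleSet(tuple(rules), source, ts, self._digest(rules, source, ts))
        self._versions.append(rs)
        return rs

    def verify(self, rs: RuleSet) -> bool:
        # Constant-time compare: a tampered rule set or wrong source is rejected.
        expected = self._digest(rs.rules, rs.source, rs.timestamp)
        return hmac.compare_digest(rs.signature, expected)

    def latest(self) -> RuleSet:
        # "time-stamped to support retrieval of the latest modified rule set"
        return max(self._versions, key=lambda r: r.timestamp)


@dataclass
class Sensor:
    subnet: str
    rules: tuple


def provision(subnets, existing):
    """Claim 1: create an instance where none exists; add more as the network grows."""
    covered = {s.subnet for s in existing}
    created = [Sensor(net, ()) for net in subnets if net not in covered]
    return list(existing) + created


def derive_rules(events, threshold=3):
    """Claim 5 stand-in: if an event signature recurs at least `threshold`
    times in the stored events, propose a rule for it."""
    counts = Counter(e["sig"] for e in events)
    return [f"alert {sig}" for sig, n in sorted(counts.items()) if n >= threshold]


def run_demo():
    store = RuleSetStore(signing_key=b"constructed-demo-key")
    t1 = datetime(2006, 12, 1, tzinfo=timezone.utc)
    t2 = datetime(2006, 12, 12, tzinfo=timezone.utc)
    store.publish(["alert tcp any any -> any 23 (telnet)"], "mssp", t1)
    store.publish(["alert tcp any any -> any 23 (telnet)",
                   "alert tcp any any -> any 445 (smb)"], "mssp", t2)

    # Enterprise grows from two to three sub-networks between provisioning runs.
    sensors = provision(["10.0.1.0/24", "10.0.2.0/24"], [])
    sensors = provision(["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"], sensors)

    latest = store.latest()
    if not store.verify(latest):
        raise RuntimeError("rule set failed authenticity check; not deploying")
    for s in sensors:
        s.rules = latest.rules

    # Constructed events from one sensor: store, analyse, selectively create a rule.
    events = [{"sig": "tcp any any -> 10.0.3.7 3389"}] * 3 + \
             [{"sig": "udp any any -> 10.0.3.9 161"}]
    new_rules = derive_rules(events)
    if new_rules:
        store.publish(latest.rules + tuple(new_rules), "sensor-10.0.3.0/24",
                      datetime(2006, 12, 13, tzinfo=timezone.utc))
    return {"sensors": len(sensors),
            "latest_rules": len(store.latest().rules),
            "new_rules": new_rules}


if __name__ == "__main__":
    print(run_demo())
```

The verification step is the one a defender cares most about: a sensor that pulls rule sets over a tunnel from a server or a peer detector (claims 3, 18) should refuse a rule set whose signature does not match its declared source, since a forged rule set would silently change what the sensor alerts on.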
December 12, 2006